Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistASRGCVELIST:CVE-2023-43630
HistorySep 20, 2023 - 2:37 p.m.

CVE-2023-43630 Config Partition Not Measured From 2 Fronts

2023-09-2014:37:44
CWE-922
CWE-522
CWE-328
ASRG
www.cve.org
config partition
measured boot
sha256
sha1
full device compromise

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but
due to the change that was implemented in commit
“7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the
problem of the config partition not being measured correctly.

Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead of
SHA256.
This issue was somewhat mitigated due to all of the PCR extend functions
updating both the values of SHA256 and SHA1 for a given PCR ID.

However, due to the change that was implemented in commit
“7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14, as
the code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, which
means that even if PCR14 were to be added to the list of PCRs sealing/unsealing the “vault”
key, changes to the config partition would still not be measured.

An attacker could modify the config partition without triggering the measured boot, this could
result in the attacker gaining full control over the device with full access to the contents of the
encrypted “vault”

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "EVE OS",
    "product": "EVE OS",
    "programFiles": [
      "https://github.com/lf-edge/eve/blob/master/pkg/measure-config/src/measurefs.go",
      "https://github.com/lf-edge/eve/blob/master/pkg/pillar/evetpm/tpm.go"
    ],
    "repo": "https://github.com/lf-edge/eve",
    "vendor": " LF-Edge, Zededa",
    "versions": [
      {
        "lessThan": "9.5.0",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "release"
      }
    ]
  }
]

Related

nvd 1
cve 1
prion 1
nvd
nvd
CVE-2023-43630
2023-09-20 15:15:11
cve
cve
CVE-2023-43630
2023-09-20 15:15:11
prion
prion
Design/Logic Flaw
2023-09-20 15:15:00

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for CVELIST:CVE-2023-43630
nvd1cve1prion1